You're right these systems are currently flawed, and may remained flawed. But, the same is true for all systems.
Don't get me wrong I agree in theory that every company should not retain any customer information - I work for one of a few companies that does that, but, I also know that many company's will not make that switch (example a bank, or a medical record) and in such cases that data should be as secure as possible.
To counter the irresponsible promises you are talking about it'd be ideal to see compliance and security regulation like we see with HIPPA applied to all customer data, but until we evolve proper trust-less identification models and ways for users to self-secure and trustlessly validate their information then some businesses will always collect data.
Don't get me wrong I agree in theory that every company should not retain any customer information - I work for one of a few companies that does that, but, I also know that many company's will not make that switch (example a bank, or a medical record) and in such cases that data should be as secure as possible.
To counter the irresponsible promises you are talking about it'd be ideal to see compliance and security regulation like we see with HIPPA applied to all customer data, but until we evolve proper trust-less identification models and ways for users to self-secure and trustlessly validate their information then some businesses will always collect data.